How to disable PfSense webConfiguration on WAN - firewall

I just installed pfSense in my network and configured the pfBlockerNG and Snort packages. It's all running fine, except I have noticed my webConfiguration GUI is accessible from the internet through my public WAN address. I have tried adding a rule to disallow anything other than LAN. I tried blocking traffic from any source to 'WAN net' on 443/80, but that didn't work either. Essentially, I want the GUI to be accessible within my LAN network and not from anywhere else.
What am I missing? Any help really appreciated.
PS: My firewall rules are pretty standard, default installed rules and the rules added by pfBlockerNG.

Note that once you install pfSense, it adds a "Default allow LAN" rule to the LAN interface, but there is no such rule on the WAN interface.
It means you can access everything from LAN, that is, you can access WAN (and so the internet), but access from WAN is blocked. Fortunately, there is no way to access the GUI from WAN by default.
This configuration is pretty much the same as the default config you find in a home/conventional router.
I advise you to try pfSense for a while before installing packages.
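
The default behaviour described in the answer above, as a simplified model (an added example, not part of the original answer and not pfSense code): rules are matched on the interface a connection arrives on, the first match wins, and anything unmatched is blocked. The addresses, the rule dictionaries and the `evaluate` and `gui_exposure_report` helpers are constructed for illustration.

```python
# Simplified model of per-interface, first-match filtering with default deny.
# Not pfSense code; all addresses and rule fields are constructed samples.
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")    # constructed LAN subnet
WAN_NET = ip_network("203.0.113.0/24")    # constructed WAN subnet ("WAN net")
WAN_ADDRESS = "203.0.113.10"              # constructed firewall WAN address
ANY = ip_network("0.0.0.0/0")

# Fresh install as the answer describes it: one pass rule on LAN, none on WAN.
DEFAULT_RULES = {
    "LAN": [{"action": "pass", "src": LAN_NET, "dst": ANY, "ports": None}],
    "WAN": [],
}

# Same rule set plus the block rule the question describes adding on WAN.
WITH_WAN_BLOCK = {
    "LAN": DEFAULT_RULES["LAN"],
    "WAN": [{"action": "block", "src": ANY, "dst": WAN_NET, "ports": {80, 443}}],
}


def evaluate(rules, iface, src, dst, port):
    """Return (action, reason) for a new connection arriving on iface."""
    src, dst = ip_address(src), ip_address(dst)
    for index, rule in enumerate(rules.get(iface, [])):
        port_ok = rule["ports"] is None or port in rule["ports"]
        if src in rule["src"] and dst in rule["dst"] and port_ok:
            return rule["action"], f"{iface} rule {index}"  # first match wins
    return "block", "implicit default deny"


def gui_exposure_report(rules):
    """Who can reach the GUI port (443) on the firewall's WAN address?"""
    return {
        # Constructed internet host: arrives on WAN, so only WAN rules apply.
        "internet_host": evaluate(rules, "WAN", "198.51.100.7", WAN_ADDRESS, 443)[0],
        # Constructed LAN host browsing to the WAN address: arrives on LAN,
        # so only LAN rules apply and the WAN rules are never consulted.
        "lan_host": evaluate(rules, "LAN", "192.168.1.50", WAN_ADDRESS, 443)[0],
    }


if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("with WAN block", WITH_WAN_BLOCK)):
        print(name, gui_exposure_report(rules))
```

In this model a LAN client that browses to the WAN address still reaches the GUI under both rule sets, so an exposure check is only meaningful when run from a host outside the LAN.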

Related

Get WSL2 DNS to use Hosts DNS from DHCP

I'm trying to use WSL2 but the DNS isn't working, nothing resolves. I've seen lots of articles about disabling resolv.conf generation and putting in a manual entry, however this won't work for me. My workplace blocks the port DNS uses so I can't use 1.1.1.1 etc. and I can't use the corporate DNS server IP as I want a solution that will work when I go home as well.
Is there a way for WSL2 to be able to use the DNS settings provided by the host's DHCP lease? I've tried to change the virtual switch (WSL) in the Virtual Switch Manager to be External but it's still picking up an IP from the DHCP server.
Am I missing some Windows configuration or do I need some Linux Fu to change the config? I was trying to get Podman-Desktop running and couldn't pull any images at work, which is what started this off.

How do I access my node.js website from an external device?

I have a node.js website running on my Ubuntu VM. I can access it both from the host and the VM. But if I try http://192.168.10.120:80, from an external device connected to the same network over WiFi, it doesn't work.
What do I need to do to make the website accessible to external devices on the same local network?
I've been googling this for days, and still can't find an answer...
If the host is Windows, there are two things you'll have to do. One is setting up port forwarding in your VM settings. If you're using VirtualBox, check this out. Also, depending on your internal networking setup, you may need to allow inbound connections to port 80 through Windows Firewall. Check out this article from Microsoft. The process hasn't really changed since Windows 7 so it should be the same on 8 or 10.
As a side note, security through obscurity sucks but I still wouldn't recommend using port 80.

Port Forwarding A Linux IP In VirtualBox ISSUES

Here's the scoop:
I used SET (Social Engineering Toolkit) and made a duplicate of a login page. The IP that was used was 10.0.2.15 (mind you, this is on a VirtualBox virtual machine), and when I tried to view it on another computer, it says the server is not responding. I tried to port forward but it was giving me issues.
Is there anything I can do to port forward or do something like that to make the web page connected to the IP viewable on the World Wide Web of another computer?
In other words, the IP's page is only viewable on the same computer whose IP I used to host. Can you make it viewable on any computer's browser by port forwarding it or something that will work like that?
Use bridged networking for the guest machine. Then, that IP address should be accessible on your network if there are no firewalls enabled.
There are several issues with directly accessing this IP from a separate computer.
First, the forwarding: the computer with the virtual machine must accept IP forwarding. This is easy to enable:
https://wiki.archlinux.org/index.php/Internet_sharing
Second, the routing: other computers must know who to ask when looking for 10.0.2.15. This is the hardest part. You could try adding a special route rule on the other computer, to set the host as a gateway for 10.0.2.15, but it requires you to make this on every machine that wishes to access the VM.
As Ahmed said, the easiest way is probably to use a network bridge, where the virtual machine will act as any other computer on the network, with a visible IP.

How to access the Cassandra browser terminal running on VirtualBox?

I'm trying to access the Cassandra browser terminal but the reported IP is unreachable.
I'm following the instructions to install Cassandra on VirtualBox here, and have the following configuration:
And Cassandra appears to start up appropriately:
But I'm unable to hit the provided IP (10.0.0.2).
Any idea what's wrong?
Ok, so I went to Install Cassandra OVA on VirtualBox and followed the instructions (like you did). And it didn't work for me, either.
What did work, was messing with the network settings and ultimately switching to a "Bridged" network adapter:
This put the CassandraVM on my internal network, and I was then able to reach everything from an internal IP (192.168.0.103, in my case).
Also, not sure if it made a difference, but I set Promiscuous Mode to "Allow All."
Had the same issue. Here's what worked for me (the solution came from this VirtualBox forum post).
In Host-only Network Details select the Adapter tab and change the IPv4 address into something inside the 10.0.0.x range. I think you should avoid conflicts with settings in the DHCP Server tab, thus a suitable choice would be 10.0.0.254, for example.
Also, I think you should configure your virtual machine's network settings this way:
Attach to: select Host-only Adapter
Name: select vboxnet0
I've also set Allow All for Promiscuous Mode, but I don't know if it's strictly required.

How can I develop using a local VM server without using URLs with ports in them?

I'm setting up a Linux server in a VM for my development.
Previously I've had PHP, MySQL, etc. all installed locally on my Mac. Apart from being a security risk, it's a drag to maintain and keep up to date, and there's a risk that an OS upgrade will wipe part of your setup out as the changes you make are fairly non-standard.
Having the entire server contained within a VM makes it easily upgradable and portable between machines. It means I can have the same configuration as the destination server and with shared folders even if the VM gets corrupted my work is safe on the host machine.
Previously with the local installation I was able to develop on convenient URLs like http://site.dev. I'd quite like to carry this over to the VM way of development but I'm struggling to figure out how, if it's possible at all.
Here's the problem:
In Bridged mode, the VM is part of the same network as the host. This is great but I can't choose a fixed IP address as I may be joining other networks and that address may be taken already. I'd like a consistent way of addressing my VM.
In NAT mode I can't directly address the VM without using port forwarding. I can use http://site.dev if I use the hosts file to forward that to localhost and then localhost:8080 forwards to the vm:80. The trouble is I have to access http://site.dev:8080 which is inconvenient for URL construction.
Does anyone know a way around this? I'm using Ubuntu Server and VirtualBox.
Thanks!
The answer is to define a separate host-only network adapter and use that for host->guest communication.
You can do this by powering down the guest and adding the adapter in the VM settings. Once that's done you can boot the guest again and configure the new network interface however suits you best. I chose a fixed IP address in an unused range.
